COMMAND

    kernel

SYSTEMS AFFECTED

    all versions prior to 2000/04/20

PROBLEM

    The following is based on a NetBSD Security Advisory; the problem
    was found by Artur Grabowski.  Untrusted local processes can hog
    CPU and kernel memory by tricking the kernel into running
    exclusively on their behalf, denying other processes the CPU.

    4.xBSD kernels are non-preemptive; processes running in user space
    can be preempted, but processes running in the kernel must yield
    the CPU voluntarily.  Certain system calls could be convinced to
    run for an extended time in the kernel without yielding (e.g.,
    reads from /dev/zero).

    In addition, the ktrace system-call tracing facility could use
    large amounts of kernel memory when tracing large I/O's.

SOLUTION

    The patches referenced by this advisory:

        - add a facility to allow a process to yield the CPU but
          remain runnable.
        - notice when a process has executed for an entire timeslice
          without yielding.
        - add several preemption points in common system routines.
        - reduce the total memory required by ktrace while tracing I/O
          (by breaking the data read into multiple chunks).
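
    The fix list above, modelled in user space as an added example (not
    code from the NetBSD patch): a long zero-fill is split into bounded
    chunks with a preemption point after each one.  All names and the
    CHUNK and TICK_BYTES values are hypothetical.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical names and constructed constants: a user-space model, not NetBSD code. */
#define CHUNK      4096u   /* most bytes handled between two preemption points */
#define TICK_BYTES 16384u  /* work that costs one timeslice in this model */

struct sim_proc {
    int    should_yield;  /* set once a whole timeslice ran without a yield */
    size_t since_yield;   /* bytes processed since the last yield */
    int    yields;        /* voluntary yields performed */
};

/* Accounting step: notice a process that has used a full timeslice. */
static void sim_account(struct sim_proc *p, size_t n)
{
    if ((p->since_yield += n) >= TICK_BYTES)
        p->should_yield = 1;
}

/* Preemption point: give up the CPU if flagged, but stay runnable. */
static void sim_preempt_point(struct sim_proc *p)
{
    if (!p->should_yield) return;
    p->should_yield = 0;
    p->since_yield = 0;
    p->yields++;          /* a kernel would switch to another process here */
}

/* Zero-fill len bytes in bounded chunks, like a large read from /dev/zero. */
size_t sim_zero_read(struct sim_proc *p, unsigned char *dst, size_t len)
{
    size_t done = 0;
    while (done < len) {
        size_t n = (len - done < CHUNK) ? len - done : CHUNK;
        memset(dst + done, 0, n);
        done += n;
        sim_account(p, n);
        sim_preempt_point(p);
    }
    return done;
}

int main(void)
{
    static unsigned char buf[100000];   /* constructed sample request size */
    struct sim_proc p = {0};
    sim_zero_read(&p, buf, sizeof buf);
    printf("%d yields for %zu bytes\n", p.yields, sizeof buf);
    return 0;
}
```

    Without the per-chunk preemption point the loop would run to
    completion in one go, which is the behaviour the advisory describes.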

    For formal NetBSD releases, you should download the appropriate
    source patch listed below and apply it to your kernel source tree
    using the patch(1) command.  For NetBSD-current, you should
    update your source tree (with either sup or anonymous CVS).  In
    both cases, you then need to rebuild, install the newly built
    kernel, and reboot.  For NetBSD 1.4, 1.4.1, and 1.4.2 a patch is
    available in

        ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/patches/20000527-yield

    NetBSD-current since 20000420 contains all the fixes, and is not
    vulnerable.  Users of NetBSD-current should upgrade to a source
    tree dated 20000420 or later.